rpm package
suse/tor&distro=SUSE Package Hub 15 SP2
pkg:rpm/suse/tor&distro=SUSE%20Package%20Hub%2015%20SP2
Vulnerabilities (10)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-22929 | — | < 0.4.6.8-bp152.2.18.1 | 0.4.6.8-bp152.2.18.1 | Aug 31, 2021 | An information disclosure exists in Brave Browser Desktop prior to version 1.28.62, where logged warning messages that included timestamps of connections to V2 onion domains in tor.log. | ||
| CVE-2021-38385 | — | < 0.4.6.7-bp152.2.15.1 | 0.4.6.7-bp152.2.15.1 | Aug 30, 2021 | Tor before 0.3.5.16, 0.4.5.10, and 0.4.6.7 mishandles the relationship between batch-signature verification and single-signature verification, leading to a remote assertion failure, aka TROVE-2021-007. | ||
| CVE-2021-34550 | — | < 0.4.5.9-bp152.2.12.1 | 0.4.5.9-bp152.2.12.1 | Jun 29, 2021 | An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-006. The v3 onion service descriptor parsing allows out-of-bounds memory access, and a client crash, via a crafted onion service descriptor | ||
| CVE-2021-34549 | — | < 0.4.5.9-bp152.2.12.1 | 0.4.5.9-bp152.2.12.1 | Jun 29, 2021 | An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-005. Hashing is mishandled for certain retrieval of circuit data. Consequently. an attacker can trigger the use of an attacker-chosen circuit ID to cause algorithm inefficiency. | ||
| CVE-2021-34548 | — | < 0.4.5.9-bp152.2.12.1 | 0.4.5.9-bp152.2.12.1 | Jun 29, 2021 | An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-003. An attacker can forge RELAY_END or RELAY_RESOLVED to bypass the intended access control for ending a stream. | ||
| CVE-2021-28090 | — | < 0.4.5.7-bp152.2.9.1 | 0.4.5.7-bp152.2.9.1 | Mar 19, 2021 | Tor before 0.4.5.7 allows a remote attacker to cause Tor directory authorities to exit with an assertion failure, aka TROVE-2021-002. | ||
| CVE-2021-28089 | — | < 0.4.5.7-bp152.2.9.1 | 0.4.5.7-bp152.2.9.1 | Mar 19, 2021 | Tor before 0.4.5.7 allows a remote participant in the Tor directory protocol to exhaust CPU resources on a target, aka TROVE-2021-001. | ||
| CVE-2020-15572 | — | < 0.4.4.6-bp152.2.3.1 | 0.4.4.6-bp152.2.3.1 | Jul 15, 2020 | Tor before 0.4.3.6 has an out-of-bounds memory access that allows a remote denial-of-service (crash) attack against Tor instances built to use Mozilla Network Security Services (NSS), aka TROVE-2020-001. | ||
| CVE-2020-10593 | — | < 0.4.4.6-bp152.2.3.1 | 0.4.4.6-bp152.2.3.1 | Mar 23, 2020 | Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (memory leak), aka TROVE-2020-004. This occurs in circpad_setup_machine_on_circ because a circuit-padding machine can be negotiated twice on the same circuit | ||
| CVE-2020-10592 | — | < 0.4.4.6-bp152.2.3.1 | 0.4.4.6-bp152.2.3.1 | Mar 23, 2020 | Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (CPU consumption), aka TROVE-2020-002. |
- CVE-2021-22929Aug 31, 2021affected < 0.4.6.8-bp152.2.18.1fixed 0.4.6.8-bp152.2.18.1
An information disclosure exists in Brave Browser Desktop prior to version 1.28.62, where logged warning messages that included timestamps of connections to V2 onion domains in tor.log.
- CVE-2021-38385Aug 30, 2021affected < 0.4.6.7-bp152.2.15.1fixed 0.4.6.7-bp152.2.15.1
Tor before 0.3.5.16, 0.4.5.10, and 0.4.6.7 mishandles the relationship between batch-signature verification and single-signature verification, leading to a remote assertion failure, aka TROVE-2021-007.
- CVE-2021-34550Jun 29, 2021affected < 0.4.5.9-bp152.2.12.1fixed 0.4.5.9-bp152.2.12.1
An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-006. The v3 onion service descriptor parsing allows out-of-bounds memory access, and a client crash, via a crafted onion service descriptor
- CVE-2021-34549Jun 29, 2021affected < 0.4.5.9-bp152.2.12.1fixed 0.4.5.9-bp152.2.12.1
An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-005. Hashing is mishandled for certain retrieval of circuit data. Consequently. an attacker can trigger the use of an attacker-chosen circuit ID to cause algorithm inefficiency.
- CVE-2021-34548Jun 29, 2021affected < 0.4.5.9-bp152.2.12.1fixed 0.4.5.9-bp152.2.12.1
An issue was discovered in Tor before 0.4.6.5, aka TROVE-2021-003. An attacker can forge RELAY_END or RELAY_RESOLVED to bypass the intended access control for ending a stream.
- CVE-2021-28090Mar 19, 2021affected < 0.4.5.7-bp152.2.9.1fixed 0.4.5.7-bp152.2.9.1
Tor before 0.4.5.7 allows a remote attacker to cause Tor directory authorities to exit with an assertion failure, aka TROVE-2021-002.
- CVE-2021-28089Mar 19, 2021affected < 0.4.5.7-bp152.2.9.1fixed 0.4.5.7-bp152.2.9.1
Tor before 0.4.5.7 allows a remote participant in the Tor directory protocol to exhaust CPU resources on a target, aka TROVE-2021-001.
- CVE-2020-15572Jul 15, 2020affected < 0.4.4.6-bp152.2.3.1fixed 0.4.4.6-bp152.2.3.1
Tor before 0.4.3.6 has an out-of-bounds memory access that allows a remote denial-of-service (crash) attack against Tor instances built to use Mozilla Network Security Services (NSS), aka TROVE-2020-001.
- CVE-2020-10593Mar 23, 2020affected < 0.4.4.6-bp152.2.3.1fixed 0.4.4.6-bp152.2.3.1
Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (memory leak), aka TROVE-2020-004. This occurs in circpad_setup_machine_on_circ because a circuit-padding machine can be negotiated twice on the same circuit
- CVE-2020-10592Mar 23, 2020affected < 0.4.4.6-bp152.2.3.1fixed 0.4.4.6-bp152.2.3.1
Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (CPU consumption), aka TROVE-2020-002.